Home > Operation and Maintenance > Linux Operation and Maintenance > How to configure and protect network security on Linux systems

How to configure and protect network security on Linux systems

王林
Release: 2023-11-08 10:45:23
Original
1160 people have browsed it

How to configure and protect network security on Linux systems

With the widespread application of Linux systems, network security has become a vital task. While facing various security threats, system administrators need to implement network security configuration and protective measures for servers. This article will introduce how to configure and protect network security on Linux systems, and provide some specific code examples.

  1. Configuring the firewall
    Linux system uses iptables as the firewall by default, which can be configured through the following command:
# 关闭现有防火墙
service iptables stop

# 清空iptables规则
iptables -F

# 允许本地回环接口
iptables -A INPUT -i lo -j ACCEPT

# 允许ping
iptables -A INPUT -p icmp -j ACCEPT

# 允许已建立的连接
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 允许SSH访问
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# 其他访问一律禁止
iptables -P INPUT DROP
iptables -P FORWARD DROP
Copy after login
  1. Close unnecessary services
    In Linux systems, there are often some unnecessary services running in the background. These services occupy server resources and also bring potential security risks to the system. You can use the following command to shut down unnecessary services:
# 关闭NFS服务
service nfs stop
chkconfig nfs off

# 关闭X Window图形界面
yum groupremove "X Window System"

# 关闭FTP服务
service vsftpd stop
chkconfig vsftpd off
Copy after login
  1. Install and use Fail2ban
    Fail2ban is an open source security tool that can monitor network conditions and detect suspicious logins Try and automatically blacklist restrictions through the firewall to effectively protect network security. Fail2ban can be installed through the following command:
yum install fail2ban -y
Copy after login

Configuration file:/etc/fail2ban/jail.conf

Add custom rules:

# 在jail.conf文件中添加一行:
[my_sshd]
enabled = true
port = ssh
filter = my_sshd
logpath = /var/log/secure
maxretry = 3
Copy after login

Create filter rules :

# 在/etc/fail2ban/filter.d/目录下,创建my_sshd.conf文件,然后编辑:
[Definition]
failregex = .*Failed (password|publickey).* from <HOST>
ignoreregex =
Copy after login
  1. Configuring SSH
    SSH is a very powerful and widely used remote login protocol, and it is also the target of many hacker attacks. Therefore, you need to take some security measures when using SSH:
# 修改SSH默认端口
vim /etc/ssh/sshd_config
# 将Port 22修改为其他端口,例如:
Port 22222

# 禁止root登录
vim /etc/ssh/sshd_config
# 将PermitRootLogin yes修改为PermitRootLogin no

# 限制用户登录
vim /etc/ssh/sshd_config
# 添加以下内容:
AllowUsers user1 user2
Copy after login
  1. Disable IPv6
    In most server network environments, IPv6 is not required. Disabling IPv6 can effectively reduce the system's Risk of attack:
# 添加以下内容到/etc/sysctl.conf文件中:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# 使用以下命令生效:
sysctl -p
Copy after login

Summary
This article introduces how to configure and protect network security on Linux systems, including configuring firewalls, shutting down unnecessary services, installing and using Fail2ban, and configuring Aspects such as SSH and disabling IPv6. The sample code provided in this article can help administrators complete network security work more conveniently and quickly. In practical applications, corresponding adjustments and improvements should be made according to specific circumstances.

The above is the detailed content of How to configure and protect network security on Linux systems. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template